- May 11, 2014
I have seen a few posts on MalwareTips re: the protection capability of Kaspersky on 64bit systems, so today I have submitted a request via my Kaspersky account to tech support for an official reply, citing my concerns about whether I am as well protected as someone using a 32bit system. Email below:
Dear Tech Support:
I have been using Kaspersky for 3-4yrs and have always had a x64 bit OS but a colleague informs me of the following note: I have seen Kaspersky lacks certain functionality with x64 bit OS:
If malware installs, for example, a malicious 64-bit service or other unhookable malicious 64 bit processes, then Kaspersky HIPS will not alert when that service or those processes run...
Will such a thing make a difference between preventing or allowing an infection - probably not - as Kaspersky will likely detect the file via signature. If not, and it is Unknown, then Kaspersky Application Control will assign it to Low or High Restricted.
Once assigned to Low or High Restricted and executed... Kaspersky HIPS will not alert to certain 64-bit processes. The typical user is not going to know that HIPS alerts are missing\not being generated - or even if they were generated - what the hell those alerts mean.
Anything assigned to Low or High Restricted in Kaspersky will activate HIPS alerts - and there will typically be an overwhelming amount of them. Typical user does not know what to do - Allow, Allow Once, Block - what ???
The fact that HIPS alerts are generated means that the infection is being installed - or - is already installed on the system. In either case, an infection is present on the system.
So it is debatable whether or not the missing 64-bit services\process HIPS alerts would have made any kind of difference in stopping the infection and in the grand scheme of things.
That's the problem with Classical HIPS - it is entirely dependent upon the user's knowledge and experience.
The real issue is that with Kaspersky, certain sophisticated 64-bit malware can get onto the system and do a whole lot of damage - the whole time being undetected - except perhaps by the firewall... but I wouldn't count on it.
Case in point was Gamma International's FinFisher FinSpy Surveillance Suite that created so much hubbub when the reports were WikiLeaked.
Comodo and Emsisoft (64 bit) detected it - the only ones to do so - on all system installs.
Kaspersky, BitDefender, Avira, etc, etc - either missed it completely or only detected it partially in isolated cases. Part of the problem with Kaspersky is that it is only 32-bit.
I suspect if Kaspersky had a 64-bit version then it would have done a better job at detecting FinFisher FinSpy.
If you use antiexecutable or default-deny configuration - and pay very close attention to software activity - then you don't worry about such things.
Could you please explain the above, as I am kinda concerned that due to my system I am not as well protected by Kaspersky, as say someone with x32 bit.
Best wishes, Tony Cole.
P.S. I will of course update when they reply.